IP Block Blacklist

November 2nd, 2006 No Comments

Gilfether.com runs Shoreline Firewall (Shorewall), an application built on top of IPTables. I recently implemented the blacklist, denying IP blocks from China, South Korea, and Russia from connecting to pretty much everything except port 80. I scripted it so that the list is updated once a month. It’s amazing how doing so has reduced the amount of spam I receive. Unfortunatley, I am still getting some from France and the U.S. It also appears that this has reduced the number of entries recorded in DenyHosts as it’s been quiet for the past 2 days.

For those that are interested, IP blocks for all the countries in the world can be obtained at http://www.completewhois.com/statistics/data/ips-bycountry/rirstats and is kept up to date. Download the ‘cidr.txt’ files for the countries you want to block, and use the ‘Include’ directive inside of the blacklist config file for Shorewall. Of course you will have to properly configure Shorewall to use the blacklist, which I will leave as an excersize for the reader.